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1 Software issues: Towards a software architecture for DRM 
^ Sam Michiels, Kristof Verslype, Wouter Joosen, Bart De Decker 

^ November 2005 Proceedings of the 5th ACM workshop on Digital rights management 
DRM '05 

Publisher: ACM Press 

Full text available: ^ pd:7296.34 KB) Additional Information: full citation, abstract , references, index terms 

The domain of digital rights management (DRM) is currently lacking a generic architecture 
that supports interoperability and reuse of specific DRM technologies. This lack of 
architectural support is a serious drawback in light of the rapid evolution of a complex 
domain like DRM. It is highly unlikely that a single DRM technology or standard will be 
able to support the diversity of devices, users, platforms, and media, or the wide variety 
of system requirements concerning security, flexibility, a ... 

Keywords: DRM, software architecture 



2 Architectures: DRM interoperability analysis from the perspective of a layered 
mi framework 

™ Gregory L. Heileman, Pramod A. Jamkhedkar 

November 2005 Proceedings of the 5th ACM workshop on Digital rights management 
DRM '05 

Publisher: ACM Press 

Full text available: ^i)dfC295 A §lK.B) Additional Information: fuNcstatipn, abstradt, references, index terms 

Interoperability is currently seen as one of the most significant problems facing the digital 
rights management (DRM) industry. In this paper we consider the problem of 
interoperability among DRM systems from the perspective of a layered architectural 
framework. The advantage of looking at the problem from this point of view is that the 
layered framework provides a certain amount of structure that is very helpful in guiding 
those working on DRM interoperability issues. Specifically, the layered ... 

Keywords: DRM, interoperability, layered architecture 
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January 2003 Proceedings of the Australasian information security workshop 
conference on ACSW frontiers 2003 - Volume 21 CRPITS '03 

Publisher: Australian Computer Society, Inc. 

Additional Information: full citation, abstract references, citings, index 



Full text available: W pdf(224.63 K3) 

1823 terms 

Transferring the traditional business model for selling digital goods linked to physical 
media to the online world leads to the need for a system to protect digital intellectual 
property. Digital Rights Management(DRM) is a system to protect high-value digital assets 
and control the distribution and usage of those digital assets. This paper presents a 
review of the current state of DRM, focusing on security technologies, underlying legal 
implications and main obstacles to DRM deployment with the ... 



Keywords: DRM, digital content 



Information protection methods: Display-only file server: a solution against 

information theft due to insider attack 
Yang Yu, Tzi-cker Chiueh 

October 2004 Proceedings of the 4th ACM workshop on Digital rights management 
Publisher: ACM Press 

Full text available: ^ pdff311.80 KB) Additional Information: full citation, abstract, references, index terms 

Insider attack is one of the most serious cybersecurity threats to corporate America. 
Among all insider threats, information theft is considered the most damaging in terms of 
potential financial loss. Moreover, it is also especially difficult to detect and prevent, 
because in many cases the attacker has the proper authority to access the stolen 
information. According to the 2003 CSI/FBI Computer Crime and Security Survey, theft of 
proprietary information was the single largest category of los ... 

Keywords: access, digital rights management, information theft, insider attack 



5 Digital rights management & protecting the digital media value chain Q 
|& Marvin L. Smith 

^ October 2004 Proceedings of the 3rd international conference on Mobile and 
ubiquitous multimedia MUM v 04 

Publisher: ACM Press 

Full text available: ^pdf(95.20 KB) Additional Information: fall citation, abstract, references, index terms 

Digital media that is readily & illegally distributed over the Internet and related digital 
networks has posed major problems for the members of the digital media value chain. 
Ubiquitous mobile communication devices such as media capable handsets and PDAs have 
made the problem even larger.Technical approaches to controlling illegal distribution— 
commonly known as Digital Rights Management (DRM)— have been varied and 
inconsistent since the shift from analogue media to digital media; but in rec ... 

Keywords: combined delivery, digital media, digital rights management (DRM), forward 
lock, open mobile alliance (OMA), rights expression language (REL), separate delivery 
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Digital rights management has become a pressing concern for the online music business. 
Existing digital rights management systems are backed by two license management 
models, the tethered model and the untethered model. These two license management 
models focus on the management of payments and usage rights. The problems with these 
models are that the tethered model forces consumers to be online, while the untethered 
model provides relatively less security to the license residing locally. This p ... 

Keywords: digital rights management, electronic business, electronic commerce, 
intellectual property, license management, online music business 



Security as a new dimension in embedded system design: Security as a new Q 
dimension in embedded system design 

Srivaths Ravi, Paul Kocher, Ruby Lee, Gary McGraw, Anand Raghunathan 

June 2004 Proceedings of the 41st annual conference on Design automation 

Publisher: ACM Press 

Full text available: 1 pdf{209.10 KB) AdditlonaI lnformation: f^fc abstract, references, citings, index 

The growing number of instances of breaches in information security in the last few years 
has created a compelling case for efforts towards secure electronic systems. Embedded 
systems, which will be ubiquitously used to capture, store, manipulate, and access data of 
a sensitive nature, pose several unique and interesting security challenges. Security has 
been the subject of intensive research in the areas of cryptography, computing, and 
networking. However, despite these efforts, security is ... 

Keywords: PDAs, architectures, battery life, cryptography, design, design 
methodologies, digital rights management, embedded systems, performance, security, 
security processing, security protocols, sensors, software attacks, tamper resistance, 
trusted computing, viruses 

Roie-based access control on the web □ 

February 2001 ACM Transactions on Information and System Security (TISSEC), volume 

4 Issue 1 

Publisher: ACM Press 

Additional Information: full citation, abstract, references, citings. Index 



Full text available: fBa pdff331.03 KB) 

terms, review 

Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 

Keywords: WWW security, cookies, digital certificates, role-based access control 



9 Securityjn .emb 

&i Srivaths Ravi, Anand Raghunathan, Paul Kocher, Sunil Hattangady 

^ August 2004 ACM Transactions on Embedded Computing Systems (TECS), volume 3 issue 

3 

Publisher: ACM Press 

r- ..i + •■ ui A u/nfi7MQ , Additional Information: full citation, abstract, references , index terms. 
Full text available: W\ pdf(3.67 M3 : 

m review 

Many modern electronic systems— including personal computers, PDAs, cell phones, 
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network routers, smart cards, and networked sensors to name a few— need to access, 
store, manipulate, or communicate sensitive information, making security a serious 
concern in their design. Embedded systems, which account for a wide range of products 
from the electronics, semiconductor, telecommunications, and networking industries, face 
some of the most demanding security concerns — on the one hand, they are oft ... 

Keywords: Embedded systems, architecture, authentication, battery life, cryptographic 
algorithms, decryption, encryption, hardware design, processing requirements, security, 
security attacks, security protocols, tamper resistance 



1 0 Scalable publjc-key tracing and revoking Q 
^ Yevgeniy Dodis, Nelly Fazio, Aggelos Kiayias, Moti Yung 

July 2003 Proceedings of the twenty-second annual symposium on Principles of 
distributed computing 

Publisher: ACM Press 

Full text available- fQ pdfM 17 MB) Additional Information: MlcMion, abstract, references, citing Index 
' ^ J terms 

Traitor Tracing Schemes constitute a very useful tool against piracy in the context of 
digital content broadcast. In such multi-recipient encryption schemes, each decryption 
key is fingerprinted and when a pirate decoder is discovered, the authorities can trace the 
identities of the users that contributed in its construction (called traitors). Public-key 
traitor tracing schemes allow for a multitude of non trusted content providers using the 
same set of keys, which makes the scheme "server-side ... 

Keywords: Broadcast Encryption, Digital Content Distribution, Multicast, Scalability, 
Traitor Tracing 



11 Trustworthy 100-year digital objects: Evidence after every witness is dead □ 
iM; Henry M. Gladney 

^ July 2004 ACM Transactions on Information Systems (TOIS), volume 22 issue 3 
Publisher: ACM Press 

Full text available: MB) Additional Information: Mlcltatjpn., abstract, references, index terms 

In ancient times, wax seals impressed with signet rings were affixed to documents as 
evidence of their authenticity. A digital counterpart is a message authentication code fixed 
firmly to each important document. If a digital object is sealed together with its own audit 
trail, each user can examine this evidence to decide whether to trust the content— no 
matter how distant this user is in time, space, and social affiliation from the document's 
source. We propose an architecture and design that a ... 



12 Formal mode! and policy specification of usage control Q 

M£ Xinwen Zhang, Francesco Parisi-Presicce, Ravi Sandhu, Jaehong Park 

^ November 2005 ACM Transactions on Information and System Security (TISSEC), 

Volume 8 Issue 4 

Publisher: ACM Press 

Full text available: ^.p.dfi28I s .34..KBi Additional Information: MLeMto, flb&tafit, references, iodexltnns 

The recent usage control model (UCON) is a foundation for next-generation access control 
models with distinguishing properties of decision continuity and attribute mutability. A 
usage control decision is determined by combining authorizations, obligations, and 
conditions, presented as UCONABC core models by Park and Sandhu. Based on these core 
aspects, we develop a formal model and logical specification of UCON with an extension of 
Lamport's temporal logic of actions (Tl 
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Keywords: Access control, formal specification, security policy, usage control 



13 Next generation access control models: A logical specification for usage control 
Xinwen Zhang, Jaehong Park, Francesco Parisi-Presicce, Ravi Sandhu 

^ June 2004 Proceedings of the ninth ACM symposium on Access control models and 
technologies 
Publisher: ACM Press 

Full text available: ' P| pdff145.G3 KB) Additional Information: full citation, abstract, references, index terms 



Recently presented usage control (UCON) has been considered as the next generation 
access control model with distinguishing properties of decision continuity and attribute 
mutability. Ausage control decision is determined by combining authorizations, 
obligations, and conditions, presented as UCONABC core models by Park and Sandhu. 
Based on these core aspects, we develop afirst-order logic specification of UCON with 
Lamport's temporallogic of actions (TLA). The building blocks o ... 

Keywords: access control, logic specification, security policy, usage control 

1 4 Jdeot if icatjgn. contro I Q 
Carrie Gates, Jacob Slonim 

^ August 2003 Proceedings of the 2003 workshop on New security paradigms 

Publisher: ACM Press 

Full text available: ^£dftl.06 MB) Additional Information: Mcilation, abstract, references 

Information about individuals is currently maintained in many thousands of databases, 
with much of that information, such as name and address, replicated across multiple 
databases. However, this proliferation of personal information raises issues of privacy for 
the individual, as well as maintenance issues in terms of the accuracy of the information. 
Ideally, each individual would own, maintain and control his personal information, 
allowing access to those who needed at the time it was needed. O ... 

Keywords: architecture, privacy, security 

15 DBMex^ D 

Thomas S. Messerges, Ezzat A. Dabbish 
^ October 2003 Proceedings of the 3rd ACM workshop on Digital rights management 
DRM v 03 

Publisher: ACM Press 

Full text available: ffi ^306 59 K81 Additional abstract nhan&M. Sitings, index 

terms 

In this paper we examine how copyright protection of digital items can be securely 
managed in a 3G mobile phone and other devices. First, the basic concepts, strategies, 
and requirements for digital rights management are reviewed. Next, a framework for 
protecting digital content in the embedded environment of a mobile phone is proposed 
and the elements in this system are defined. The means to enforce security in this system 
are described and a novel "Family Domain" approach to content management ... 

Keywords: MPEG-21, copyright protection, cryptography, digital content, digital rights 
management, embedded system, key management, mobile phone, open mobile alliance, 
security 
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America 

fheo Nicolakis, Carlos E. Pizano, Bianca Prumo, Mitchell Webb 

October 2003 Proceedings of the 3rd ACM workshop on Digital rights management 
DRM '03 

Publisher: ACM Press 

Additional Information: Ml citation, abstract, .references, citings, index 
terms 

The Greek Orthodox Archdiocese of America~(GOA) has amassed a rich and varied 
collection of artifacts associated with two thousand years of religious and historical 
tradition, as well as more than a century of chronicles in America. The items in this 
archive include iconography, art, photographs, letters, and other memorabilia. The GOA 
has endeavored to digitize these assets in order to preserve them, while at the same time 
make them more accessible for appropriate and beneficial uses. Specifica ... 

Keywords: content protection, digital asset management, digital image archive, digital 
rights management 



17 Systems: Jow^ Q 
^ Andr6 Adelsbach, Markus Rohe, Ahmad-Reza Sadeghi 

^ November 2005 Proceedings of the 5th ACM workshop on Digital rights management 
DRM '05 

Publisher: ACM Press 

Full text available: ^j>dfC332J7.KBJ Additional Information: full citation, abstract, references, Index terms 

Digital Rights Management (DRM) systems and applications appear to increasingly attract 
the interest of e-commerce business developers. DRM systems aim at secure distribution 
of digital content and commonly comprise a huge variety of different technologies. 
Current DRM systems focus mainly on right-holder's security needs and commonly neglect 
those of consumers. In particular, these systems even lack reliable means for users to 
verify that they purchase usage-rights on works (licenses) from the ... 

Keywords: DRM, authorship, copyrights, digital distribution chains, licensing and transfer 
of rights, right ownership, usage rights 



18 Di git al r ights ma na ge ment: Support for multi-level se cur ity p ol icie s in DRM Q 
M architectures 

— Bogdan C. Popescu, Bruno Crispo, Andrew S. Tanenbaum 

September 2004 Proceedings of the 2004 workshop on New security paradigms 

Publisher: ACM Press 

Full text available: ^3| pdfM27.41 KB) Additional Information: full citation, abstract, references 

Digital rights management systems allow copyrighted content to be commercialized in 
digital format without the risk of revenue loss due to piracy. Making such systems secure 
is no easy task, given that content needs to be protected while accessed through 
electronic devices in the hands of potentially malicious end-users; in this context, 
intrusion tolerance becomes a very useful system property. In this paper we point out a 
limitation shared by all current DRM architectures, namely their weaknes ... 

Bogdan C. Popescu, Bruno Crispo, Andrew S. Tanenbaum, Frank L.AJ. Kamperman 
^ October 2004 Proceedings of the 4th ACM workshop on Digital rights management 

Publisher: ACM Press 

Full text available: ^|pdf{222.46 KB) Additional Information: fijILflttHfiD, abstract, references, index terms 
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This paper describes a security architecture allowing digital rights management in home 
networks consisting of consumer electronic devices. The idea is to allow devices to 
establish dynamic groups, so called "Authorized Domains", where legally acquired 
copyrighted content can seamlessly move from device to device. This greatly improves 
the end-user experience, preserves "fair use" expectations, and enables the development 
of new business models by content providers. Key to our design is a hyb ... 

Keywords: DRM architectures, compliant CE devices, digital content protection 
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Patrick C. Moore, Wilbur R. Johnson, Richard J. Detry 

November 2001 Proceedings of the 2001 ACM/IEEE conference on Supercomputing 
(CDROM) 

Publisher: ACM Press 

Full text available: ^ pdf( 143.26 KB) Additional Information: Mi citation, abstract, refejences, indexierms 

Porting a complex secure application from one security infrastructure to another is often 
difficult or impractical. Grid security associated with the Globus toolkit is supported by a 
Grid Security Infrastructure (GSI) based on a Public Key Infrastructure where users 
authenticate to the grid using X509 certificates. Kerberos security is based on a trusted 
third party, secret key infrastructure where users authenticate using encrypted tickets. 
However, both GSI and Kerberos provide a Generic Secur ... 

Keywords: ASCI, GSSAPI, globus, grid, kerberos, security 
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